Emerald (she/her)Debian security amirite?
oce đThe malicious changes were submitted by JiaT75, one of the two main xz Utils developers with years of contributions to the project.
âGiven the activity over several weeks, the committer is either directly involved or there was some quite severe compromise of their system,â Freund wrote. âUnfortunately the latter looks like the less likely explanation, given they communicated on various lists about the âfixesââ provided in recent updates. Those updates and fixes can be found here, here, here, and here. arstechnica.com/âŚ/backdoor-found-in-widely-used-lâŚ
That really sucks. This kind of thing can make people and companies lose trust in open source.
WookiNo, its the exact opposite.
Supply chain conpromise is a level of risk to manage no unique to FOSS. Ever hear of sunburst? It resulted in a lot of Microsofts cloud customers getting wreaked all because their supply chain was compromised.
Do people continue to buy into 365 and Azure? Yes. Without care.
Yeah, I agree but I know some companies will have stupid thoughts like âa company employee is less likely to do thatâ or âat least we have an employment contract to back us up legallyâ.
Ugh this reminds me of a guy I worked with, he used to be a trucker but became a software tester (he was also very religious).
Anyway he used to hate on open source software and call it open sores. According to him it was all amateur crap. Ugh I still hate that guy and it has been 15 yearsâŚ